Last month we saw the first small steps towards the adoption of the memory-managed Rust programming language in the Linux kernel. Google has apparently thought along the same lines, and in a lengthy blog post Tuesday, the company announced that the Android Open Source Project now supports Rust for low-level OS components.
The Android team is doing a lot of work pushing Kotlin and Java for app developers, but those languages depend on the Android Runtime (ART) to function. You can’t write anything lower than ART in Java, as there would be no runtime environment to run it on. In the past, Google has typically used C or C++ for this layer, but neither is a memory-managed language, and that exposes Android to memory leaks and buffer overflows.
Explaining Rust’s advantages over C/C++, Google says: “Rust provides memory security guarantees by using a combination of compile-time checks to enforce object lifetime/ownership and runtime checks to ensure that memory accesses are valid. This security is achieved while providing the same performance as C and C++.” Consistent with similar statistics published by Microsoft, Google’s blog post says that “memory security bugs are still the largest contributor to stability issues and consistently represent ~70% of Android’s very serious security vulnerabilities.”
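The two mechanisms in that quote can be seen in a small parser. This is an added example, not code from Google's post or from AOSP; the tag/length/payload format and the names `Record`, `ParseError` and `parse_records` are assumptions made for the illustration.

```rust
/// Borrowed view of one record. The lifetime 'a ties `payload` to the input
/// buffer, so the compiler rejects any use of a Record after the buffer is gone.
#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub tag: u8,
    pub payload: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    TruncatedHeader,
    LengthExceedsBuffer { declared: usize, available: usize },
}

/// Parse back-to-back records of the constructed format
/// [tag: 1 byte][length: 1 byte][payload: `length` bytes].
/// Every access goes through `get`, which is bounds-checked at run time and
/// returns None instead of reading past the end of the buffer.
pub fn parse_records(buf: &[u8]) -> Result<Vec<Record<'_>>, ParseError> {
    let mut out = Vec::new();
    let mut pos = 0;
    while pos < buf.len() {
        let header = buf.get(pos..pos + 2).ok_or(ParseError::TruncatedHeader)?;
        let (tag, declared) = (header[0], header[1] as usize);
        let start = pos + 2;
        let payload = buf.get(start..start + declared).ok_or(
            ParseError::LengthExceedsBuffer { declared, available: buf.len() - start },
        )?;
        out.push(Record { tag, payload });
        pos = start + declared;
    }
    Ok(out)
}

fn main() {
    // Constructed input: one valid record, then a record whose length byte
    // (0x40) claims 64 bytes although only 2 follow.
    let well_formed = [0x01, 0x03, b'a', b'b', b'c'];
    let hostile = [0x01, 0x03, b'a', b'b', b'c', 0x02, 0x40, 0xde, 0xad];
    println!("{:?}", parse_records(&well_formed));
    println!("{:?}", parse_records(&hostile));
    // Direct indexing is checked as well: `hostile[7 + 64]` would panic
    // rather than return whatever lies beyond the array.
}
```

The equivalent C loop that trusts the length byte would copy or read 64 bytes from a 2-byte remainder; here the same input produces an error value the caller has to handle.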
Google says rewriting the “tens of millions of lines” of existing C and C++ Android code in Rust is “just not feasible,” and rewriting old Android code wouldn’t make much of a difference anyway, as most of the bugs in old code have been fixed by now. Since the Android source code is an open source project with billions of users, many eyes are on it. Google says that “most of our memory errors occur in new or recently changed code, with about 50% being less than a year old.” Rust will be used for new components as needed, which should help mitigate any new memory errors that Google might introduce.
Closing out the blog post, Google says, “Over the past 18 months we’ve been adding Rust support to the Android Open Source Project and we have a few early adopter projects that we’ll be sharing in the coming months. Scaling this up to more of the OS is a multi-year project. Stay tuned, we’ll be posting more updates on this blog.”